2010 CRC PhD Student Conference




Verifying Authentication Properties of C Security Protocol Code Using General Verifiers

François Dupressoir


     Supervisors      Andy Gordon (MSR)
                      Jan Jürjens (TU Dortmund)
                      Bashar Nuseibeh (Open University)
     Department       Computing
     Registration     Full-Time
     Probation        Passed

1    Introduction
Directly verifying security protocol code could help prevent major security flaws in communication systems. C is usually used when implementing security software (e.g. OpenSSL, cryptlib, PolarSSL...) because it provides control over side-channels, performance, and portability all at once, along with being easy to call from a variety of other languages. But those strengths also make it hard to reason about, especially when dealing with high-level logical properties such as authentication.


Verifying high-level code. The most advanced results on verifying implementations of security protocols tackle high-level languages such as F#. Two main verification trends can be identified on high-level languages. The first one aims at soundly extracting models from the program code, and using a cryptography-specific tool such as ProVerif (e.g. fs2pv [BFGT06]) to verify that the extracted protocol model is secure with respect to a given attacker model. The second approach, on the other hand, aims at using general verification tools such as type systems and static analysis to verify security properties directly on the program code. Using general verification tools permits a user with less expert knowledge to verify a program, and also allows a more modular approach to verification, even in the context of security, as argued in [BFG10].

Verifying C code. But very few widely-used security-oriented programs are written in such high-level languages, and lower-level languages such as C are usually favoured. Several approaches have been proposed for analysing C security protocol code [GP05, ULF06, CD08], but we believe them unsatisfactory for several reasons:
    • memory-safety assumptions: all three rely on assuming memory-safety properties,¹
    • trusted manual annotations: all three rely on a large amount of trusted manual work,
    • unsoundness: both [CD08] and [ULF06] make unsound abstractions and simplifications, which is often not acceptable in a security-critical context,
    • scalability issues: [CD08] is limited to bounded, small in practice, numbers of parallel sessions, and we believe [GP05] is limited to small programs due to its whole-program analysis approach.

1.1     Goals
Our goal is to provide a new approach to soundly verify Dolev-Yao security
properties of real C code, with a minimal amount of unverified annotations and
assumptions, so that it is accessible to non-experts. We do not aim at verifying
implementations of encryption algorithms and other cryptographic operations,
but their correct usage in secure communication protocols such as TLS.


2      Framework
Previous approaches to verifying security properties of C programs did not define attacker models at the level of the programming language, since they were based on extracting a more abstract model from the analysed C code (CSur and Aspier), or simply verified compliance of the program to a separate specification (as in Pistachio). However, to achieve our scalability goals, we choose to define an attacker model on C programs, that enables a modular verification of the code.

To avoid issues related to the complex, and often very informal semantics of the C language, we use the F7 notion of a refined module (see [BFG10]). In F7, a refined module consists of an imported and an exported interface, containing function declarations and predicate definitions, along with a piece of type-checked F# code. The main result states that a refined module with empty imported interface cannot go wrong, and careful use of assertions allows one to statically verify correspondence properties of the code. Composition results can also be used to combine existing refined modules whilst ensuring that their security properties are preserved.

We define our attacker model on C programs by translating F7 interfaces into annotated C header files. The F7 notion of an opponent, and the corresponding security results, can then be transferred to C programs that implement an F7-translated header. The type-checking phase in F7 is, in the case of C programs, replaced by a verification phase, in our case using VCC. We trust that VCC is sound, and claim that verifying that a given C program correctly implements a given annotated C header entails that there exists an equivalent (in terms of attacks within our attacker model) F7 implementation of that same interface.
    ¹ Which may sometimes be purposefully broken as a source of randomness.








3    Case Study
We show how our approach can be used in practice to verify a simple implementation of an authenticated Remote Procedure Call protocol, that authenticates the pair of communicating parties using a pre-shared key, and links requests and responses together. We show that different styles of C code can be verified using this approach, with varying levels of required annotations, very few of which are trusted by the verifier. We argue that a large part of the required annotations are memory-safety related and would be necessary to verify other properties of the C code, including to verify the memory-safety assumptions made by previous approaches.
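To make the property concrete, the following added example (not the author's case-study code) sketches such an RPC exchange in C, with a runtime event log standing in for the correspondence assertions that a verifier such as VCC would discharge statically. The message layout, the event names, the return codes and the toy MAC are all assumptions; the MAC is a non-cryptographic placeholder for a primitive that the approach treats as imported and does not verify.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16
#define TAG_LEN 8
#define MAX_STR 32      /* payload buffer size, including the NUL */
#define MAX_EVENTS 16
enum { REQUEST = 1, RESPONSE = 2 };
struct msg { char payload[MAX_STR]; uint8_t tag[TAG_LEN]; };

/* Event log: runtime stand-in for the events a verifier discharges statically. */
static struct { int kind; char s[MAX_STR], t[MAX_STR]; } ev_log[MAX_EVENTS];
static size_t ev_count;

static void ev_assume(int kind, const char *s, const char *t)
{
    if (ev_count == MAX_EVENTS) return;   /* full log: later asserts fail closed */
    ev_log[ev_count].kind = kind;
    snprintf(ev_log[ev_count].s, MAX_STR, "%s", s);
    snprintf(ev_log[ev_count].t, MAX_STR, "%s", t);
    ev_count++;
}

static int ev_holds(int kind, const char *s, const char *t)
{
    for (size_t i = 0; i < ev_count; i++)
        if (ev_log[i].kind == kind && !strcmp(ev_log[i].s, s) && !strcmp(ev_log[i].t, t)) return 1;
    return 0;
}

/* Placeholder for the imported MAC primitive: keyed FNV-1a, NOT secure. */
static void toy_mac(const uint8_t *key, const uint8_t *m, size_t n, uint8_t *tag)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < KEY_LEN; i++) h = (h ^ key[i]) * 0x100000001b3ULL;
    for (size_t i = 0; i < n; i++) h = (h ^ m[i]) * 0x100000001b3ULL;
    for (size_t i = 0; i < TAG_LEN; i++) tag[i] = (uint8_t)(h >> (8 * i));
}

/* MAC input: kind | len(s) | s [| len(t) | t]. Callers keep both lengths below MAX_STR. */
static void mac_msg(const uint8_t *key, int kind, const char *s, const char *t, uint8_t *tag)
{
    uint8_t buf[3 + 2 * MAX_STR];
    size_t n = 0, ls = strlen(s), lt = t ? strlen(t) : 0;
    buf[n++] = (uint8_t)kind;             /* separates requests from responses */
    buf[n++] = (uint8_t)ls; memcpy(buf + n, s, ls); n += ls;
    if (t) { buf[n++] = (uint8_t)lt; memcpy(buf + n, t, lt); n += lt; }
    toy_mac(key, buf, n, tag);
}

static int tag_eq(const uint8_t *a, const uint8_t *b)   /* constant-time compare */
{
    uint8_t d = 0;
    for (size_t i = 0; i < TAG_LEN; i++) d |= (uint8_t)(a[i] ^ b[i]);
    return d == 0;
}

/* Return codes: 0 accept, -1 malformed or bad MAC, -2 MAC valid but no matching event. */
int client_send(const uint8_t *key, const char *s, struct msg *out)
{
    if (strlen(s) >= MAX_STR) return -1;
    ev_assume(REQUEST, s, "");                             /* assume Request(s) */
    snprintf(out->payload, MAX_STR, "%s", s);
    mac_msg(key, REQUEST, s, NULL, out->tag);
    return 0;
}

int server_handle(const uint8_t *key, const struct msg *req, const char *t, struct msg *out)
{
    uint8_t tag[TAG_LEN];
    if (!memchr(req->payload, 0, MAX_STR) || strlen(t) >= MAX_STR) return -1;
    mac_msg(key, REQUEST, req->payload, NULL, tag);
    if (!tag_eq(tag, req->tag)) return -1;
    if (!ev_holds(REQUEST, req->payload, "")) return -2;   /* assert Request(s) */
    ev_assume(RESPONSE, req->payload, t);                  /* assume Response(s,t) */
    snprintf(out->payload, MAX_STR, "%s", t);
    mac_msg(key, RESPONSE, req->payload, t, out->tag);     /* tag binds t to s */
    return 0;
}

int client_recv(const uint8_t *key, const char *s, const struct msg *resp)
{
    uint8_t tag[TAG_LEN];
    if (strlen(s) >= MAX_STR || !memchr(resp->payload, 0, MAX_STR)) return -1;
    mac_msg(key, RESPONSE, s, resp->payload, tag);
    if (!tag_eq(tag, resp->tag)) return -1;
    return ev_holds(RESPONSE, s, resp->payload) ? 0 : -2;  /* assert Response(s,t) */
}

int main(void)
{
    uint8_t key[KEY_LEN] = {0x11};        /* constructed sample key */
    struct msg req, resp;
    if (client_send(key, "get A", &req) || server_handle(key, &req, "ok", &resp)) return 1;
    printf("match %d, mismatch %d\n", client_recv(key, "get A", &resp), client_recv(key, "get B", &resp));
    return 0;
}
```

The `-2` branches are the runtime counterpart of the assertions: static verification amounts to showing they are unreachable as long as the key stays secret.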


4    Conclusion
We define an attacker model for C code by interpreting verified C programs as F7 refined modules. We then describe a method to statically prove the impossibility of attacks against C code in this attacker model using VCC [CDH+09], a general C verifier. This approach does not rely on unverified memory-safety assumptions, and the amount of trusted annotations is minimal. We also believe it is as sound and scalable as the verifier that is used. Moreover, we believe our approach can be adapted for use with any contract-based C verifier, and could greatly benefit from the important recent developments in that area.


References
[BFG10]    Karthikeyan Bhargavan, Cédric Fournet, and Andrew D. Gordon. Modular verification of security protocol code by typing. In Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '10, pages 445–456, Madrid, Spain, 2010.

[BFGT06]   Karthikeyan Bhargavan, Cédric Fournet, Andrew D. Gordon, and Stephen Tse. Verified interoperable implementations of security protocols. In CSFW '06: Proceedings of the 19th IEEE workshop on Computer Security Foundations, pages 139–152, Washington, DC, USA, 2006. IEEE Computer Society.

[CD08]     Sagar Chaki and Anupam Datta. ASPIER: an automated framework for verifying security protocol implementations. Technical report CMU-CyLab-08-012, CyLab, Carnegie Mellon University, 2008.

[CDH+09]   Ernie Cohen, Markus Dahlweid, Mark Hillebrand, Dirk Leinenbach, Michal Moskal, Thomas Santen, Wolfram Schulte, and Stephan Tobies. VCC: a practical system for verifying concurrent C. In Proceedings of the 22nd International Conference on Theorem Proving in Higher Order Logics, pages 23–42, Munich, Germany, 2009. Springer-Verlag.

[GP05]     Jean Goubault-Larrecq and Fabrice Parrennes. Cryptographic protocol analysis on real C code. In Proceedings of the 6th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI'05), volume 3385 of Lecture Notes in Computer Science, pages 363–379. Springer, 2005.

[ULF06]    Octavian Udrea, Cristian Lumezanu, and Jeffrey S Foster. Rule-Based static analysis of network protocol implementations. In Proceedings of the 15th USENIX Security Symposium, pages 193–208, 2006.




                                Page 22 of 125

More Related Content

What's hot

CE.RE.S: An Eclipse plug-in to evaluate source code readability
CE.RE.S: An Eclipse plug-in to evaluate source code readabilityCE.RE.S: An Eclipse plug-in to evaluate source code readability
CE.RE.S: An Eclipse plug-in to evaluate source code readability
Gemma Catolino
 
29-Krishan Kumar
29-Krishan Kumar29-Krishan Kumar
29-Krishan Kumarkrishan8018
 
Hybrid Feature Classification Approach for Malicious JavaScript Attack Detect...
Hybrid Feature Classification Approach for Malicious JavaScript Attack Detect...Hybrid Feature Classification Approach for Malicious JavaScript Attack Detect...
Hybrid Feature Classification Approach for Malicious JavaScript Attack Detect...
IJCSIS Research Publications
 
Software Security Certification
Software Security CertificationSoftware Security Certification
Software Security CertificationVskills
 
HYBRID MODEL IN THE BLOCK CIPHER APPLICATIONS FOR HIGH-SPEED COMMUNICATIONS N...
HYBRID MODEL IN THE BLOCK CIPHER APPLICATIONS FOR HIGH-SPEED COMMUNICATIONS N...HYBRID MODEL IN THE BLOCK CIPHER APPLICATIONS FOR HIGH-SPEED COMMUNICATIONS N...
HYBRID MODEL IN THE BLOCK CIPHER APPLICATIONS FOR HIGH-SPEED COMMUNICATIONS N...
IJCNCJournal
 
9 d57206b cryptography & network security
9 d57206b cryptography & network security9 d57206b cryptography & network security
9 d57206b cryptography & network security
Vinod Kumar Gorrepati
 
Software engineering based self-checking process for cyber security system in...
Software engineering based self-checking process for cyber security system in...Software engineering based self-checking process for cyber security system in...
Software engineering based self-checking process for cyber security system in...
IJECEIAES
 
Model-based security testing
Model-based security testingModel-based security testing
Model-based security testingAxel Rennoch
 
Automatic binary deobfuscation
Automatic binary deobfuscationAutomatic binary deobfuscation
Automatic binary deobfuscationUltraUploader
 

What's hot (12)

Robin Singh-Fd
Robin Singh-FdRobin Singh-Fd
Robin Singh-Fd
 
CE.RE.S: An Eclipse plug-in to evaluate source code readability
CE.RE.S: An Eclipse plug-in to evaluate source code readabilityCE.RE.S: An Eclipse plug-in to evaluate source code readability
CE.RE.S: An Eclipse plug-in to evaluate source code readability
 
29-Krishan Kumar
29-Krishan Kumar29-Krishan Kumar
29-Krishan Kumar
 
Hybrid Feature Classification Approach for Malicious JavaScript Attack Detect...
Hybrid Feature Classification Approach for Malicious JavaScript Attack Detect...Hybrid Feature Classification Approach for Malicious JavaScript Attack Detect...
Hybrid Feature Classification Approach for Malicious JavaScript Attack Detect...
 
Software Security Certification
Software Security CertificationSoftware Security Certification
Software Security Certification
 
Chandra_CV 3 8Yr Exp
Chandra_CV 3 8Yr Exp Chandra_CV 3 8Yr Exp
Chandra_CV 3 8Yr Exp
 
HYBRID MODEL IN THE BLOCK CIPHER APPLICATIONS FOR HIGH-SPEED COMMUNICATIONS N...
HYBRID MODEL IN THE BLOCK CIPHER APPLICATIONS FOR HIGH-SPEED COMMUNICATIONS N...HYBRID MODEL IN THE BLOCK CIPHER APPLICATIONS FOR HIGH-SPEED COMMUNICATIONS N...
HYBRID MODEL IN THE BLOCK CIPHER APPLICATIONS FOR HIGH-SPEED COMMUNICATIONS N...
 
Nanaji_Sahukara
Nanaji_SahukaraNanaji_Sahukara
Nanaji_Sahukara
 
9 d57206b cryptography & network security
9 d57206b cryptography & network security9 d57206b cryptography & network security
9 d57206b cryptography & network security
 
Software engineering based self-checking process for cyber security system in...
Software engineering based self-checking process for cyber security system in...Software engineering based self-checking process for cyber security system in...
Software engineering based self-checking process for cyber security system in...
 
Model-based security testing
Model-based security testingModel-based security testing
Model-based security testing
 
Automatic binary deobfuscation
Automatic binary deobfuscationAutomatic binary deobfuscation
Automatic binary deobfuscation
 

Similar to Dupressoir

Aizatulin
AizatulinAizatulin
Aizatulinanesah
 
A035401010
A035401010A035401010
A035401010
inventionjournals
 
Standardizing Source Code Security Audits
Standardizing Source Code Security AuditsStandardizing Source Code Security Audits
Standardizing Source Code Security Audits
ijseajournal
 
Building a Distributed Secure System on Multi-Agent Platform Depending on the...
Building a Distributed Secure System on Multi-Agent Platform Depending on the...Building a Distributed Secure System on Multi-Agent Platform Depending on the...
Building a Distributed Secure System on Multi-Agent Platform Depending on the...
CSCJournals
 
Course overview Cybersecurity and its applications
Course overview Cybersecurity and its applicationsCourse overview Cybersecurity and its applications
Course overview Cybersecurity and its applications
Sanket Shikhar
 
Fuzzing101: Unknown vulnerability management for Telecommunications
Fuzzing101: Unknown vulnerability management for TelecommunicationsFuzzing101: Unknown vulnerability management for Telecommunications
Fuzzing101: Unknown vulnerability management for TelecommunicationsCodenomicon
 
IEEE Projects 2012-2013 Network Security
IEEE Projects 2012-2013 Network SecurityIEEE Projects 2012-2013 Network Security
IEEE Projects 2012-2013 Network Security
SBGC
 
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
CSCJournals
 
Network security java ieee projects 2012 @ Seabirds ( Trichy, Pudukkottai, Ta...
Network security java ieee projects 2012 @ Seabirds ( Trichy, Pudukkottai, Ta...Network security java ieee projects 2012 @ Seabirds ( Trichy, Pudukkottai, Ta...
Network security java ieee projects 2012 @ Seabirds ( Trichy, Pudukkottai, Ta...
SBGC
 
Internal security on an ids based on agents
Internal security on an ids based on agentsInternal security on an ids based on agents
Internal security on an ids based on agents
csandit
 
INTERNAL SECURITY ON AN IDS BASED ON AGENTS
INTERNAL SECURITY ON AN IDS BASED ON AGENTSINTERNAL SECURITY ON AN IDS BASED ON AGENTS
INTERNAL SECURITY ON AN IDS BASED ON AGENTS
cscpconf
 
Vulnerability Detection Based on Git History
Vulnerability Detection Based on Git HistoryVulnerability Detection Based on Git History
Vulnerability Detection Based on Git History
Kenta Yamamoto
 
An Encryption Algorithm To Evaluate Performance Of V2v Communication In Vanet
An Encryption Algorithm To Evaluate Performance Of V2v Communication In VanetAn Encryption Algorithm To Evaluate Performance Of V2v Communication In Vanet
An Encryption Algorithm To Evaluate Performance Of V2v Communication In Vanet
ijcisjournal
 
An explicit trust model towards better system security
An explicit trust model towards better system securityAn explicit trust model towards better system security
An explicit trust model towards better system security
csandit
 
Mansour Alirfan5632632IntroductionProposalResults.docx
Mansour Alirfan5632632IntroductionProposalResults.docxMansour Alirfan5632632IntroductionProposalResults.docx
Mansour Alirfan5632632IntroductionProposalResults.docx
infantsuk
 
4.Security Assessment And Testing
4.Security Assessment And Testing4.Security Assessment And Testing
4.Security Assessment And Testingphanleson
 
Binary code obfuscation through c++ template meta programming
Binary code obfuscation through c++ template meta programmingBinary code obfuscation through c++ template meta programming
Binary code obfuscation through c++ template meta programmingnong_dan
 
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
ijcisjournal
 

Similar to Dupressoir (20)

Aizatulin
AizatulinAizatulin
Aizatulin
 
Secure Software
Secure SoftwareSecure Software
Secure Software
 
A035401010
A035401010A035401010
A035401010
 
Standardizing Source Code Security Audits
Standardizing Source Code Security AuditsStandardizing Source Code Security Audits
Standardizing Source Code Security Audits
 
Building a Distributed Secure System on Multi-Agent Platform Depending on the...
Building a Distributed Secure System on Multi-Agent Platform Depending on the...Building a Distributed Secure System on Multi-Agent Platform Depending on the...
Building a Distributed Secure System on Multi-Agent Platform Depending on the...
 
Course overview Cybersecurity and its applications
Course overview Cybersecurity and its applicationsCourse overview Cybersecurity and its applications
Course overview Cybersecurity and its applications
 
Fuzzing101: Unknown vulnerability management for Telecommunications
Fuzzing101: Unknown vulnerability management for TelecommunicationsFuzzing101: Unknown vulnerability management for Telecommunications
Fuzzing101: Unknown vulnerability management for Telecommunications
 
IEEE Projects 2012-2013 Network Security
IEEE Projects 2012-2013 Network SecurityIEEE Projects 2012-2013 Network Security
IEEE Projects 2012-2013 Network Security
 
V4I5201571
V4I5201571V4I5201571
V4I5201571
 
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
 
Network security java ieee projects 2012 @ Seabirds ( Trichy, Pudukkottai, Ta...
Network security java ieee projects 2012 @ Seabirds ( Trichy, Pudukkottai, Ta...Network security java ieee projects 2012 @ Seabirds ( Trichy, Pudukkottai, Ta...
Network security java ieee projects 2012 @ Seabirds ( Trichy, Pudukkottai, Ta...
 
Internal security on an ids based on agents
Internal security on an ids based on agentsInternal security on an ids based on agents
Internal security on an ids based on agents
 
INTERNAL SECURITY ON AN IDS BASED ON AGENTS
INTERNAL SECURITY ON AN IDS BASED ON AGENTSINTERNAL SECURITY ON AN IDS BASED ON AGENTS
INTERNAL SECURITY ON AN IDS BASED ON AGENTS
 
Vulnerability Detection Based on Git History
Vulnerability Detection Based on Git HistoryVulnerability Detection Based on Git History
Vulnerability Detection Based on Git History
 
An Encryption Algorithm To Evaluate Performance Of V2v Communication In Vanet
An Encryption Algorithm To Evaluate Performance Of V2v Communication In VanetAn Encryption Algorithm To Evaluate Performance Of V2v Communication In Vanet
An Encryption Algorithm To Evaluate Performance Of V2v Communication In Vanet
 
An explicit trust model towards better system security
An explicit trust model towards better system securityAn explicit trust model towards better system security
An explicit trust model towards better system security
 
Mansour Alirfan5632632IntroductionProposalResults.docx
Mansour Alirfan5632632IntroductionProposalResults.docxMansour Alirfan5632632IntroductionProposalResults.docx
Mansour Alirfan5632632IntroductionProposalResults.docx
 
4.Security Assessment And Testing
4.Security Assessment And Testing4.Security Assessment And Testing
4.Security Assessment And Testing
 
Binary code obfuscation through c++ template meta programming
Binary code obfuscation through c++ template meta programmingBinary code obfuscation through c++ template meta programming
Binary code obfuscation through c++ template meta programming
 
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
 

More from anesah

Aizatulin slides-4-3
Aizatulin slides-4-3Aizatulin slides-4-3
Aizatulin slides-4-3anesah
 
Aizatulin poster
Aizatulin posterAizatulin poster
Aizatulin posteranesah
 
Abraham
AbrahamAbraham
Abrahamanesah
 
Mouawad
MouawadMouawad
Mouawadanesah
 
Pantidi
PantidiPantidi
Pantidi
anesah
 
Wilkie
WilkieWilkie
Wilkie
anesah
 
Van der merwe
Van der merweVan der merwe
Van der merwe
anesah
 
Thomas
ThomasThomas
Thomas
anesah
 
Taubenberger
TaubenbergerTaubenberger
Taubenberger
anesah
 
Sach
SachSach
Sach
anesah
 
Pantidi
PantidiPantidi
Pantidianesah
 
Corneli
CorneliCorneli
Cornelianesah
 
Collins
CollinsCollins
Collinsanesah
 
Xambo
XamboXambo
Xambo
anesah
 
Ullmann
UllmannUllmann
Ullmannanesah
 
Quinto
QuintoQuinto
Quintoanesah
 
Pawlik
PawlikPawlik
Pawlikanesah
 

More from anesah (20)

Aizatulin slides-4-3
Aizatulin slides-4-3Aizatulin slides-4-3
Aizatulin slides-4-3
 
Aizatulin poster
Aizatulin posterAizatulin poster
Aizatulin poster
 
Abraham
AbrahamAbraham
Abraham
 
Mouawad
MouawadMouawad
Mouawad
 
Pantidi
PantidiPantidi
Pantidi
 
Wilkie
WilkieWilkie
Wilkie
 
Van der merwe
Van der merweVan der merwe
Van der merwe
 
Thomas
ThomasThomas
Thomas
 
Taubenberger
TaubenbergerTaubenberger
Taubenberger
 
Sach
SachSach
Sach
 
Rae
RaeRae
Rae
 
Pantidi
PantidiPantidi
Pantidi
 
Corneli
CorneliCorneli
Corneli
 
Collins
CollinsCollins
Collins
 
Xambo
XamboXambo
Xambo
 
Ullmann
UllmannUllmann
Ullmann
 
Tran
TranTran
Tran
 
Quinto
QuintoQuinto
Quinto
 
Pluss
PlussPluss
Pluss
 
Pawlik
PawlikPawlik
Pawlik
 

Recently uploaded

The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 

Recently uploaded (20)

The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
2010 CRC PhD Student Conference

Verifying Authentication Properties of C Security Protocol Code Using General Verifiers

François Dupressoir

Supervisors: Andy Gordon (MSR), Jan Jürjens (TU Dortmund), Bashar Nuseibeh (Open University)
Department: Computing
Registration: Full-Time
Probation: Passed

1 Introduction

Directly verifying security protocol code could help prevent major security flaws in communication systems. C is usually used when implementing security software (e.g. OpenSSL, cryptlib, PolarSSL...) because it provides control over side-channels, performance, and portability all at once, along with being easy to call from a variety of other languages. But those strengths also make it hard to reason about, especially when dealing with high-level logical properties such as authentication.

Verifying high-level code. The most advanced results on verifying implementations of security protocols tackle high-level languages such as F#. Two main verification trends can be identified on high-level languages. The first one aims at soundly extracting models from the program code, and using a cryptography-specific tool such as ProVerif (e.g. fs2pv [BFGT06]) to verify that the extracted protocol model is secure with respect to a given attacker model. The second approach, on the other hand, aims at using general verification tools such as type systems and static analysis to verify security properties directly on the program code. Using general verification tools permits a user with less expert knowledge to verify a program, and also allows a more modular approach to verification, even in the context of security, as argued in [BFG10].

Verifying C code. But very few widely-used security-oriented programs are written in such high-level languages, and lower-level languages such as C are usually favoured. Several approaches have been proposed for analysing C security protocol code [GP05, ULF06, CD08], but we believe them unsatisfactory for several reasons:

  • memory-safety assumptions: all three rely on assuming memory-safety properties,¹
  • trusted manual annotations: all three rely on a large amount of trusted manual work,
  • unsoundness: both [CD08] and [ULF06] make unsound abstractions and simplifications, which is often not acceptable in a security-critical context,
  • scalability issues: [CD08] is limited to bounded, small in practice, numbers of parallel sessions, and we believe [GP05] is limited to small programs due to its whole-program analysis approach.

¹ Which may sometimes be purposefully broken as a source of randomness.

1.1 Goals

Our goal is to provide a new approach to soundly verify Dolev-Yao security properties of real C code, with a minimal amount of unverified annotations and assumptions, so that it is accessible to non-experts. We do not aim at verifying implementations of encryption algorithms and other cryptographic operations, but their correct usage in secure communication protocols such as TLS.

2 Framework

Previous approaches to verifying security properties of C programs did not define attacker models at the level of the programming language, since they were based on extracting a more abstract model from the analysed C code (CSur and Aspier), or simply verified compliance of the program to a separate specification (as in Pistachio). However, to achieve our scalability goals, we choose to define an attacker model on C programs, that enables a modular verification of the code.

To avoid issues related to the complex, and often very informal semantics of the C language, we use the F7 notion of a refined module (see [BFG10]). In F7, a refined module consists of an imported and an exported interface, containing function declarations and predicate definitions, along with a piece of type-checked F# code. The main result states that a refined module with empty imported interface cannot go wrong, and careful use of assertions allows one to statically verify correspondence properties of the code. Composition results can also be used to combine existing refined modules whilst ensuring that their security properties are preserved.

We define our attacker model on C programs by translating F7 interfaces into annotated C header files. The F7 notion of an opponent, and the corresponding security results, can then be transferred to C programs that implement an F7-translated header. The type-checking phase in F7 is, in the case of C programs, replaced by a verification phase, in our case using VCC. We trust that VCC is sound, and claim that verifying that a given C program correctly implements a given annotated C header entails that there exists an equivalent (in terms of attacks within our attacker model) F7 implementation of that same interface.
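The correspondence property mentioned in the framework, as an added C example that is not the paper's code, using the shape of the pre-shared-key RPC from the case study. The message layout, the function names and the FNV-based `mac` stand-in are assumptions; the event log is checked at run time here, where a verifier would instead prove statically that honest code never reaches the `-1` result.

```c
#include <stdint.h>
#include <string.h>

enum { TAG_REQUEST = 1, TAG_RESPONSE = 2 };  /* separates the two MAC uses */

/* Stand-in for the MAC (FNV-1a over key, tag, s, t). NOT a secure MAC: the
 * Dolev-Yao model treats the MAC as ideal; real code would call HMAC here. */
static uint64_t mac(const char *key, int tag, const char *s, const char *t) {
    const char *part[3] = { key, s, t };
    uint64_t h = 1469598103934665603ULL;
    for (int i = 0; i < 3; i++) {
        for (const char *p = part[i]; *p; p++)
            h = (h ^ (uint8_t)*p) * 1099511628211ULL;
        h = (h ^ (uint64_t)(i == 0 ? tag : 0xff)) * 1099511628211ULL; /* separator */
    }
    return h;
}

/* Ghost state: Request(s) events assumed by the honest client (payloads < 32 bytes). */
static char requests[8][32];
static int n_requests;
static int request_assumed(const char *s) {
    for (int i = 0; i < n_requests; i++)
        if (strcmp(requests[i], s) == 0) return 1;
    return 0;
}

/* Client: assume Request(s), then MAC the tagged request under the shared key. */
uint64_t client_request(const char *key, const char *s) {
    if (n_requests < 8) strncpy(requests[n_requests++], s, 31);
    return mac(key, TAG_REQUEST, s, "");
}

/* Server: 0 = MAC rejected, 1 = accepted, -1 = accepted a request nobody
 * assumed, i.e. the correspondence assertion a verifier must rule out. */
int server_accept(const char *key, const char *s, uint64_t m) {
    if (m != mac(key, TAG_REQUEST, s, "")) return 0;
    return request_assumed(s) ? 1 : -1;
}

/* Server: the response MAC covers the request s as well as the reply t. */
uint64_t server_respond(const char *key, const char *s, const char *t) {
    return mac(key, TAG_RESPONSE, s, t);
}

/* Client: accept t only as the answer to a request s it actually sent. */
int client_accept(const char *key, const char *s, const char *t, uint64_t m) {
    return request_assumed(s) && m == mac(key, TAG_RESPONSE, s, t);
}
```

The `-1` result is only reachable by code that computes a request MAC without going through `client_request`, which is the situation the static proof excludes for every holder of the key.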
3 Case Study

We show how our approach can be used in practice to verify a simple implementation of an authenticated Remote Procedure Call protocol, that authenticates the pair of communicating parties using a pre-shared key, and links requests and responses together. We show that different styles of C code can be verified using this approach, with varying levels of required annotations, very few of which are trusted by the verifier. We argue that a large part of the required annotations are memory-safety related and would be necessary to verify other properties of the C code, including to verify the memory-safety assumptions made by previous approaches.

4 Conclusion

We define an attacker model for C code by interpreting verified C programs as F7 refined modules. We then describe a method to statically prove the impossibility of attacks against C code in this attacker model using VCC [CDH+09], a general C verifier. This approach does not rely on unverified memory-safety assumptions, and the amount of trusted annotations is minimal. We also believe it is as sound and scalable as the verifier that is used. Moreover, we believe our approach can be adapted for use with any contract-based C verifier, and could greatly benefit from the important recent developments in that area.

References

[BFG10] Karthikeyan Bhargavan, Cédric Fournet, and Andrew D. Gordon. Modular verification of security protocol code by typing. In Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '10, pages 445–456, Madrid, Spain, 2010.

[BFGT06] Karthikeyan Bhargavan, Cédric Fournet, Andrew D. Gordon, and Stephen Tse. Verified interoperable implementations of security protocols. In CSFW '06: Proceedings of the 19th IEEE workshop on Computer Security Foundations, pages 139–152, Washington, DC, USA, 2006. IEEE Computer Society.

[CD08] Sagar Chaki and Anupam Datta. ASPIER: an automated framework for verifying security protocol implementations. Technical Report CMU-CyLab-08-012, CyLab, Carnegie Mellon University, 2008.

[CDH+09] Ernie Cohen, Markus Dahlweid, Mark Hillebrand, Dirk Leinenbach, Michal Moskal, Thomas Santen, Wolfram Schulte, and Stephan Tobies. VCC: a practical system for verifying concurrent C. In Proceedings of the 22nd International Conference on Theorem Proving in Higher Order Logics, pages 23–42, Munich, Germany, 2009. Springer-Verlag.

[GP05] Jean Goubault-Larrecq and Fabrice Parrennes. Cryptographic protocol analysis on real C code. In Proceedings of the 6th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI'05), volume 3385 of Lecture Notes in Computer Science, pages 363–379. Springer, 2005.

[ULF06] Octavian Udrea, Cristian Lumezanu, and Jeffrey S. Foster. Rule-based static analysis of network protocol implementations. In Proceedings of the 15th USENIX Security Symposium, pages 193–208, 2006.